SMS short codes are provisioned by the wireless carriers with the expectation that the owner of the short code will follow the CTIA Short Code Monitoring Handbook rules and regulations. While most short code owners follow the rules, it’s still essential for the CTIA to do in-market monitoring of short codes to ensure everyone’s compliance.
A CTIA short code audit occurs when a live short code program violates the standards set out in the CTIA Short Code Monitoring Handbook. The CTIA employs a sophisticated in-market monitoring tool to detect these violations. This tool reviews short code campaigns that are being advertised to the public.
CTIA conducts weekly compliance audits for standard-rate short codes leased with the Short Code Registry. CTIA audits are published at 2:00 AM EST every Tuesday and cover issues with short code campaigns during the previous week.
CTIA distributes audit notices each week. Each CTIA short code audit will include:
- A description of CTIA short code violation
- A unique audit number
- An SMS short code
- An SMS service provider
- An SMS aggregator (full list here)
- A CTIA audit notice date
- A CTIA audit cure date
CTIA short code audits are made available to all US wireless carriers that support short code messaging.
IMPORTANT: The CTIA does not monitor TCPA compliance for short codes. This is the short code owner’s responsibility.
CTIA Short Code Audit Severity Levels
All CTIA short code audits are designated different severity levels based on the harm done to the consumer. The severity of the CTIA short code audit will determine how fast the CTIA and the wireless carriers require you to fix the issue before they pursue further legal options.
The different severity levels are listed below, with Severity Zero reserved for the most extreme CTIA short code violations.
|Severity Zero||Extreme consumer harm||Immediate||CTIA: Immediate registry suspension
Carriers: Vary by case; immediate suspension or termination possible
|Severity 1||Serious consumer||5 business days||CTIA: Unresolved audits; possible registry suspension
Carriers: Vary by case
|Severity 2||Moderate Consumer Harm||5 business days||CTIA: Vary by case based on consumer harm
Carriers: Vary by case
Based on the above severity chart, it’s interesting to note that the vast majority of short code audits (80 percent and above) result in a pass, and Severity 0 failures are rare. The charts below may provide a better understanding of the failure rates for each severity level in short code audits, both in their advertising of the campaign and the actual messaging of the campaign.
CTIA Short Code Violation Examples
When failures occur with the messaging flow of the campaign, there’s a similar breakdown. The following chart states that the top violations are neglecting customer care contact information in messages and failing to disclose that “message and data rates may apply.” Failure to disclose to the consumer that they’re opting in for recurring messages takes third place.
CTIA Short Code Audit Communications
Have you received a CTIA short code audit? Don’t worry! The CTIA Compliance Care Team is there to help you! If you have a question about a CTIA audit or need help, leave a comment on the short code audit notice or email firstname.lastname@example.org. The CTIA Compliance Care Team (Care Team) responds promptly to all messages regarding short code compliance. They are there to assist you as much as possible by helping you understand how to resolve short code violations and close CTIA short code audits.
CTIA Short Code Audit Retests
It’s your responsibility as a short code owner to communicate to the CTIA Compliance Care Team that the audit issue has been resolved. If the CTIA Compliance Care Team does not hear back in response to a short code audit, or if the short code owner doesn’t resolve the issue that triggered the audit notice, the short code is subject to further action by either the CTIA or the wireless carriers.
TV and Print Exceptions
The CTIA and the wireless carriers understand that it may not be possible to address an issue if the issue is caused by television or printed material. In these cases, short code owners may submit request for a short code retest on a date later than the required cure date. Retest requests for television or print advertisement violations require a clear explanation of the changes the short code owner will implement for the next round of advertisements.
CTIA short code audits awaiting a retest due to a television or print advertisement are categorized as “Pending Retest.”
CTIA Short Code Audit Appeals
If you believe a CTIA short code audit is not valid, you may challenge the audit by emailing the CTIA Compliance Care Team at email@example.com. The challenge must be received before the cure date on the short code audit notice and must include an explanation of why you believe the short code audit is incorrect.
Reporting CTIA Short Code Violations
Have you found a short code that’s violating any of the rules in the CTIA Short Code Monitoring Handbook? If so, report violations to the CTIA Compliance Care Team at firstname.lastname@example.org. When reporting a short code violation, include the following information:
- Location of the call to action
- SMS short code number
If the CTIA decides to take action against a short code owner for a violation, the information of the person who reported the violation will be kept confidential.
We hope this answered your short code related question. If you have other concerns about short code requirements, definitions, and regulations, explore our Learning Center. This website exists to support your short code research.